iPhone Application Security > FreeBit ServersMan 3.1.5 DOS Crash Attack
Thursday, February 4, 2010 at 09:13AM
drStrangeP0rk in Apple, iPad, iPhone, iPhone App, iPod

There has been growing interest in iPhone applications and in the security of those applications. Even though Apple reviews every application, and Cocoa development with Xcode includes validation and verification tools, developers do not always use secure coding methods. Recently there have been various presentations about rogue applications that access personal information such as address books, passwords and location information. Currently there is a CVE candidate for the FreeBit ServersMan 3.1.5 iPhone application due to a DoS crash attack vulnerability triggered by a malformed HEAD request. It is clear that phone application security has to be included in an organization's Information Assurance Risk Matrix.

Apple's review process may be circumvented in a malicious way, resulting in the distribution of malware; it is just a matter of time. I would expect that security researchers will try to see whether they can pass a malicious application through the Apple approval process, and it is to be expected that at some point this will succeed. Software always has an unexpected vulnerability, or a flaw whose level of risk is misunderstood.

Where I think the serious problems occur (related to the iPhone), and what should really be the focus of security professionals, is users who bypass the iTunes Store, users who have jailbroken iPhones, and organizations that fail to include phones in their Information Security Program. When allowing applications access to data on their phones, users must understand what they are approving. Education is the key: security professionals must include employees' phones within their security policies and procedures. If your company provides users with iPhones, there should be terms of use for employees to follow. These should address many of the same risk factors that apply to employees' computers, such as alteration or installation of hardware or software. This should go beyond the iPhone, since any phone can be compromised in this fashion.

For an excellent rebuttal to a recent paper on the topic (link in references), readers should visit Intego's blog, but remember that understanding the debate is not a risk assessment. That has to be conducted in an unbiased manner, something Mac administrators have difficulty with. This comes from someone who has been an Apple user since the Apple ][.

Article originally appeared on magmatic.com (http://www.magmatic.com/).